Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

PPP over Ethernet profiles contain configuration information for a group of PPP over Ethernet (PPPoE) sessions. Multiple PPPoE profiles can be defined for a device, allowing different virtual templates and other PPPoE configuration parameters to be assigned to different PPP interfaces, VLANs, and ATM permanent virtual circuits (PVCs) that are used in supporting broadband access aggregation of PPPoE sessions.

Note

This module describes the method for configuring PPPoE sessions using profiles.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

You must understand the concepts described in the Understanding Broadband Access Aggregation module.

You must perform the tasks contained in the Preparing for Broadband Access Aggregation module.

Restrictions for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

If a PPPoE profile is assigned to a PPPoE port (Gigabit Ethernet interface or PVC), virtual circuit (VC) class, or ATM PVC range and the profile has not yet been defined, the port, VC class, or range will not have any PPPoE parameters configured and will not use parameters from the global group.

The subscriber features that are supported/ not supported on PPP sessions are listed in the table below:

Table 1 Subscriber Features Supported and not Supported on PPP Sessions

Information About Providing Protocol Support for Broadband Access Aggregation for PPPoE Sessions

PPPoE Specification Definition

PPP over Ethernet (PPPoE) is a specification that defines how a host PC interacts with common broadband medium (for example, a digital subscriber line (DSL), wireless modem or cable modem) to achieve access to a high-speed data network. Relying on two widely accepted standards, Gigabit Ethernet and PPP, the PPPoE implementation allows users over the Gigabit Ethernet to share a common connection. The Gigabit Ethernet principles supporting multiple users in a LAN, combined with the principles of PPP, which apply to serial connections, support this connection.

The base protocol is defined in RFC 2516.

PPPoE Connection Throttling

Repeated requests to initiate PPPoE sessions can adversely affect the performance of a router and RADIUS server. The PPPoE Connection Throttling feature limits PPPoE connection requests to help prevent intentional denial-of-service attacks and unintentional PPP authentication loops. This feature implements session throttling on the PPPoE server to limit the number of PPPoE session requests that can be initiated from a MAC address or VC during a specified period of time.

PPPoE VLAN Session Throttling

This feature throttles the number of PPPoE over QinQ sessions over each subinterface. If the number of new incoming session requests on the subinterface, exceeds the configured incoming session setup rate, the new session requests will be rejected. You can enable this capability independently on each Gigabit Ethernet subinterface.

The number of incoming session requests will be calculated separately on a combination of each port and subinterface, independent of each other. For example, if there are 2 subinterfaces sharing the QinQ VLAN IDs, the session rate of each is calculated separately. You should assign the bba-group configuration on each subscriber subinterface, with an unambiguous VLAN or outer and inner VLAN IDs (in the case of QinQ).

Autosense for ATM PVCs

The PPPoA/PPPoE Autosense for ATM PVCs feature enables a router to distinguish between incoming PPP over Ethernet (PPPoE) over ATM sessions and to create virtual access based on demand for both PPP types.

Note

The PPPoA/PPPoE Autosense for ATM PVCs feature is supported on Subnetwork Access Protocol (SNAP)-encapsulated ATM PVCs only. It is not supported on multiplexer (MUX)-encapsulated PVCs.

Benefits of Autosense for ATM PVCs

Autosense for ATM PVCs provides resource allocation on demand. For each PVC configured for PPPoE, certain resources (including one virtual-access interface) are allocated upon configuration, regardless of the existence of a PPPoE session on that PVC. The autosense for ATM PVCs resources are allocated for PPPoE sessions only when a client initiates a session, thus reducing overhead on the NAS.

MAC Address for PPPoEoA

To prevent customers from experiencing unexpected behavior resulting from a system change, any change in the usage of MAC addresses will not happen unless it is explicitly configured.

Except for using a different MAC address, this feature does not change the way PPPoE works. This change is limited to ATM interfaces only--specifically, PPPoEoA--and will not be applied to other interfaces where PPPoE is operated on interfaces such as Gigabit Ethernet, Ethernet VLAN, and Data-over-Cable Service Interface Specifications (DOCSIS). Changing the PPPoE MAC address on those interfaces, which are broadcast in nature, requires placing the interface in promiscuous mode, thereby affecting the performance of the router because the router software has to receive all Gigabit Ethernet frames and then discard unneeded frames in the software driver.

This feature is disabled by default and applies to all PPPoE sessions on an ATM PVC interface configured in a BBA group.

When PPPoE and Rapid Bandwidth Expansion (RBE) are configured on two separate PVCs on the same DSL, the customer premises equipment (CPE) acts like a pure bridge, bridging from Gigabit Ethernet to the two ATM PVCs on the DSL. Because the CPE acts as a bridge, and because the aggregation router uses the same MAC address for both PPPoE and RBE, the CPE will not be able to bridge packets to the correct PVC. The solution is to have a different MAC address for PPPoE only. The MAC address can be either configured or selected automatically.

The MAC address of the PPPoEoA session is either the value configured on the ATM interface using the
mac-address command or the burned-in MAC address if a MAC address is not already configured on the ATM interface. This functionality is effective only when neither autoselect nor a MAC address is specified on a broadband access group (BBA) group.

If the MAC address is specified on a BBA group, all PPPoEoA sessions use the MAC address specified on the BBA group, which is applied on the VC.

If the MAC address is selected automatically, 7 is added to the MAC address of the ATM interface.

Benefits of the Configurable MAC Address for PPPoE Feature

Because the
aggregation routers use the interface MAC address as the source MAC address for all broadband aggregation protocols on that interface, this feature solves problems that may occur when both RBE and PPPoE are deployed on the same ATM interface.

How to Provide Protocol Support for Broadband Access Aggregation of PPPoE Sessions

To provide protocol support for broadband access aggregation by assigning a profile, defining the profile is required.

When configuring a PPPoE session recovery after a system reload, perform the following task:

The global keyword creates a profile that serves as the default profile for any PPPoE port that is not assigned a specific profile.

Step 4

virtual-templatetemplate-number

Example:

Router(config-bba-group)# virtual-template 1

Specifies which virtual template will be used to clone virtual access interfaces for all PPPoE ports that use this PPPoE profile.

Step 5

sessionsmaxlimitnumber-of-sessions [thresholdthreshold-value]

Example:

Router(config-bba-group)# sessions max limit 8000

Configures the PPPoE global profile with the maximum number of PPPoE sessions that will be permitted on a router and sets the PPPoE session-count threshold at which an Simple Network Management Protocol (SNMP) trap will be generated.

Note

This command applies only to the global profile.

Step 6

sessionsper-maclimitper-mac-limit

Example:

Router(config-bba-group)# sessions per-mac limit 2

Sets the maximum number of PPPoE sessions permitted per MAC address in a PPPoE profile.

Step 7

sessionsper-vlanlimitper-vlan-limitinnerper-inner-vlan-limit

Example:

Router(config-bba-group)# sessions per-vlan limit 200

Sets the maximum number of PPPoE sessions permitted per VLAN in a PPPoE profile.

The inner keyword sets the number of sessions permitted per outer VLAN.

Step 8

sessionsper-vclimitper-vc-limit[thresholdthreshold-value]

Example:

Router(config-bba-group)# sessions per-vc limit 8

Sets the maximum number of PPPoE sessions permitted on a VC in a PPPoE profile, and sets the PPPoE session-count threshold at which an SNMP trap will be generated.

Configuring Different MAC Addresses on PPPoE

The Configurable MAC Address for PPPoE feature configures the MAC address on ATM PVCs in a broadband access (BBA) group to use a different MAC address for PPP over Ethernet over ATM (PPPoEoA).

Perform this task to configure different MAC addresses on PPPoE and enable the aggregation device to bridge packets from Gigabit Ethernet to the appropriate PVC.

Before You Begin

A BBA group profile should already exist. The BBA group commands are used to configure broadband access on aggregation and client devices that use PPPoE, and routed bridge encapsulation (RBE).

Perform this task to configure different MAC addresses on PPPoE and enable the aggregation device to bridge packets from Gigabit Ethernet to the appropriate PVC.

SUMMARY STEPS

1.enable

2.configureterminal

3.bba-grouppppoe {bba-group-name |
global}

4.mac-address {autoselect |
mac-address}

5.end

6.showpppoesession

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configureterminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

bba-grouppppoe {bba-group-name |
global}

Example:

Device(config)#bba-group pppoe group1

Enters BBA group configuration mode.

Step 4

mac-address {autoselect |
mac-address}

Example:

Device(config-bba-group)# mac-address autoselect

Selects the MAC address, as follows:

autoselect--Automatically selects the MAC address based on the ATM interface address, plus 7.

mac-address--Standardized data link layer address having a 48-bit MAC address. Also known as a hardware address, MAC layer address, and physical address. All PPPoEoA sessions use the MAC address specified on the BBA group, which are applied on the VC.

Step 5

end

Example:

Device(config-bba-group)# end

Exits BBA group configuration mode.

Step 6

showpppoesession

Example:

Device# show pppoe session

Displays the MAC address as the local MAC (LocMac) address on the last line of the display.

Configuring PPPoE Session Recovery After Reload

Perform this task to configure the aggregation device to send PPPoE active discovery terminate (PADT) packets to the CPE device upon receipt of PPPoE packets on "half-active" PPPoE sessions (a PPPoE session that is active on the CPE end only).

If the PPP keepalive mechanism is disabled on a customer premises equipment (CPE) device, a PPP over Ethernet (PPPoE) session will hang indefinitely after an aggregation device reload. The PPPoE Session Recovery After Reload feature enables the aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures.

The PPPoE protocol relies on the PPP keepalive mechanism to detect link or peer device failures. If PPP detects a failure, it terminates the PPPoE session. If the PPP keepalive mechanism is disabled on a CPE device, the CPE device has no way to detect link or peer device failures over PPPoE connections. When an aggregation device that serves as the PPPoE session endpoint reloads, the CPE device will not detect the connection failure and will continue to send traffic to the aggregation device. The aggregation device will drop the traffic for the failed PPPoE session.

The
sessionsautocleanup command enables an aggregation device to attempt to recover PPPoE sessions that existed before a reload. When the aggregation device detects a PPPoE packet for a half-active PPPoE session, the device notifies the CPE of the PPPoE session failure by sending a PPPoE PADT packet. The CPE device is expected to respond to the PADT packet by taking failure recovery action.

SUMMARY STEPS

1.enable

2.configureterminal

3.bba-grouppppoe{group-name |
global}

4.sessionsautocleanup

5.end

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Device>enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configureterminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

bba-grouppppoe{group-name |
global}

Example:

Device(config)# bba-group pppoe global

Defines a PPPoE profile and enters BBA group configuration mode.

The
global keyword creates a profile that will serve as the default profile for any PPPoE port that is not assigned a specific profile.

Step 4

sessionsautocleanup

Example:

Device(config-bba-group)# sessions auto cleanup

Configures an aggregation device to attempt to recover PPPoE sessions that failed because of reload by notifying CPE devices about the PPPoE session failures.

Example: PPPoE Profiles Configuration

The following example shows the configuration of three PPPoE profiles: vpn1, vpn2, and a global PPPoE profile. The profiles vpn1 and vpn2 are assigned to PVCs, VC classes, VLANs, and PVC ranges. Any Gigabit Ethernet interface, VLAN, PVC, PVC range, or VC class that is configured for PPPoE but is not assigned either profile vpn1 or vpn (such as VC class class-pppoe-global) will use the global profile.

Example: MAC Address of the PPPoEoA Session as the Burned-In MAC Address

In the following example, neither address autoselect nor a MAC address is configured on the BBA group. The MAC address is not configured on the ATM interface (the default condition). The
showpppoesession command is used to confirm that the MAC address of the PPPoEoA session is the burned-in MAC address of the ATM interface.

Example Address Autoselect Configured and MAC Address Not Configured

In the following example, address autoselect is configured on the BBA group, and the MAC address is not configured on the ATM interface. The showpppoesession command displays the MAC address of the interface, plus 7.

Example: MAC Address Configured on the ATM Interface

In the following example, neither autoselect nor the MAC address is configured on the BBA group, but the MAC address is configured on the ATM interface, as indicated by the report from theshowpppoesession command:

Example: MAC Address Configured on the BBA Group

In the following example, the MAC address is configured on the BBA group. The display from the
showpppoesession command indicates that all PPPoEoA sessions on the ATM interface associated with the BBA group use the same MAC address as specified on the BBA group.

Where to Go Next

If you want to establish PPPoE session limits for sessions on a specific permanent virtual circuit or VLAN configured on an Layer Two Tunneling Protocol (L2TP) access concentrator, see the Establishing PPPoE Session Limits per NAS Port module.

If you want to use service tags to enable a PPPoE server to offer PPPoE clients a selection of service during call setup, see the Offering PPPoE Clients a Selection of Services During Call Setup module.

If you want to enable an L2TP access concentrator to relay active discovery and service selection functionality for PPPoE over an L2TP control channel to an L2TP network server (LNS) or tunnel switch, see the Enabling PPPoE Relay Discovery and Service Selection Functionality module.

If you want to configure the transfer upstream of the PPPoX session speed value, see the Configuring Upstream Connections Speed Transfer module.

If you want to use SNMP to monitor PPPoE sessions, see the Monitoring PPPoE Sessions with SNMP module.

If you want to identify a physical subscribe line for RADIUS communication with a RADIUS server, see the Identifying a Physical Subscriber Line for RADIUS Access and Accounting module.

If you want to configure a Cisco Subscriber Service Switch, see the Configuring Cisco Subscriber Service Switch Policies module.

Using service tags to enable a PPPoE server to offer PPPoE clients a selection of service during call setup

Offering PPPoE Clients a Selection of Services During Call Setup

Enabling an L2TP access concentrator to relay active discovery and service selection functionality for PPPoE over an L2TP control channel to an L2TP network server (LNS) or tunnel switch

Enabling PPPoE Relay Discovery and Service Selection Functionality

Configuring the transfer upstream of the PPPoX session speed value

Configuring Upstream Connections Speed Transfer

Using SNMP to monitor PPPoE sessions

Monitoring PPPoE Sessions with SNMP

Identifying a physical subscribe line for RADIUS communication with a RADIUS server

Identifying a Physical Subscriber Line for RADIUS Access and Accounting

Configuring a Cisco Subscriber Service Switch

Configuring ISG Policies for Automatic Subscriber Logon

Standards/RFCs

Standards

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

--

RFC 1483

Multiprotocol Encapsulation over ATM Adaptation Layer 5

RFC 2516

A Method for Transmitting PPP over Ethernet (PPPoE)

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

Feature Information for Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

The PPPoE Connection Throttling feature limits PPPoE connection requests to help prevent intentional denial-of-service attacks and unintentional PPP authentication loops. This feature implements session throttling on the PPPoE server to limit the number of PPPoE session requests that can be initiated from a MAC address or virtual circuit during a specified period of time.

PPPoE Server Restructuring and PPPoE Profiles

Cisco IOS XE Release 2.1

This feature was introduced on Cisco ASR 1000 Series Aggregation Services Routers.